Firewall Wizards mailing list archives
Re: Worms, Air Gaps and Responsibility
From: Gwendolynn ferch Elydyr <gwen () reptiles org>
Date: Mon, 10 May 2004 11:38:39 -0400 (EDT)
On Mon, 10 May 2004, Paul D. Robertson wrote:
I'm generally amused by the extent to which people panic about mobile users - often while failing to take basic precautions about their internal users.
That's because a good portion of the recent worm infections were through the "hibernating laptop" vector - or at least that's the theory amongst those who needed to point a finger.
Heh. That's up there with the "Our company never has security issues" quotes, and "I don't know how that porn got on my computer!".
Beyond that, I think it's not accurate to presume that most mobile users are satisfied with email and web access. One of the recurring questions that we receive from our mobile users is "How can I access <foo>", where <foo> is typically a document store, or a customer-facing application, like a parts ordering database.
All too true, but *if* it brings in the thought of internal segmentation, and internal firewalling, then I think it's a net benefit.
I'd agree - unfortunately the usual result is panicking about mobile users and the "external" demark, and ignoring the soft chewy interior. There's one [nameless] company, where [like many others], external and mobile users are allowed to VPN into the office. The office is protected by a firewall - but there's nothing behind it... and the VPN offers a pipeline straight into the soft chewy center. As an extra bonus, the VPN client as distributed cheerfully supports concurrent network connections, so the VPN users are effectively creating a pipe from the Internet to the heart of the "secure" network. It'd be great to claim that this was an unusual configuration.
While I think that security by user class is a good step, I too think that laptop user isn't a good user class. However, I'd have no issues with using it as one to start the process of internal network compartmentalization.
Any port in a storm, indeed ;>
cheers!
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound desire for fish and an equally deep, passionate and profound desire to avoid getting wet. This is the defining metaphor of my life right now."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards